hash: fix out-of-bound write while freeing key slot

Add a debug check for out-of-bound write while freeing the key slot.

Coverity issue: 325733
Fixes: e605a1d36ca7 ("hash: add lock-free r/w concurrency")
Cc: stable@dpdk.org
Signed-off-by: Honnappa Nagarahalli <honnappa.nagarahalli@arm.com>
Reviewed-by: Steve Capper <steve.capper@arm.com>
Reviewed-by: Gavin Hu <gavin.hu@arm.com>
Acked-by: Bruce Richardson <bruce.richardson@intel.com>

diff --git a/lib/librte_hash/rte_cuckoo_hash.c b/lib/librte_hash/rte_cuckoo_hash.c
index 7e6c139..c01489b 100644 (file)
--- a/lib/librte_hash/rte_cuckoo_hash.c
+++ b/lib/librte_hash/rte_cuckoo_hash.c
@@ -1347,6 +1347,9 @@ remove_entry(const struct rte_hash *h, struct rte_hash_bucket *bkt, unsigned i)
                        n_slots = rte_ring_mp_enqueue_burst(h->free_slots,
                                                cached_free_slots->objs,
                                                LCORE_CACHE_SIZE, NULL);
+                       ERR_IF_TRUE((n_slots == 0),
+                               "%s: could not enqueue free slots in global ring\n",
+                               __func__);
                        cached_free_slots->len -= n_slots;
                }
                /* Put index of new free slot in cache. */
@@ -1552,6 +1555,7 @@ rte_hash_free_key_with_position(const struct rte_hash *h,
                        n_slots = rte_ring_mp_enqueue_burst(h->free_slots,
                                                cached_free_slots->objs,
                                                LCORE_CACHE_SIZE, NULL);
+                       RETURN_IF_TRUE((n_slots == 0), -EFAULT);
                        cached_free_slots->len -= n_slots;
                }
                /* Put index of new free slot in cache. */

diff --git a/lib/librte_hash/rte_cuckoo_hash.h b/lib/librte_hash/rte_cuckoo_hash.h
index 5dfbbc4..eacdaa8 100644 (file)
--- a/lib/librte_hash/rte_cuckoo_hash.h
+++ b/lib/librte_hash/rte_cuckoo_hash.h
@@ -29,6 +29,17 @@
 #define RETURN_IF_TRUE(cond, retval)
 #endif
 
+#if defined(RTE_LIBRTE_HASH_DEBUG)
+#define ERR_IF_TRUE(cond, fmt, args...) do { \
+       if (cond) { \
+               RTE_LOG(ERR, HASH, fmt, ##args); \
+               return; \
+       } \
+} while (0)
+#else
+#define ERR_IF_TRUE(cond, fmt, args...)
+#endif
+
 #include <rte_hash_crc.h>
 #include <rte_jhash.h>